Google Chrome releases security fix for this major flaw, so update now

Silhouette of a hand holding a padlock infront of the google chrome logo
(Image credit: Shutterstock / Ink Drop)

Google says it has fixed a high-severity flaw in its Chrome browser which is currently being exploited by threat actors in the wild. 

In a security advisory, the company described the flaw being abused and urged the users to apply the fix immediately. 

"Google is aware that an exploit for CVE-2023-2033 exists in the wild," the advisory reads.

Automatic updates

The zero-day in question is a confusion weakness vulnerability in the Chrome V8 JavaScript engine, the company said. Usually, this type of flaw can be used to crash the browser, but in this case it can also be used to run arbitrary code on compromised endpoints. 

The flaw was discovered by Clement Lecigne from the Google Threat Analysis Group (TAG). Usually, TAG works on finding flaws abused by nation-states, or state-sponsored threat actors. There is no word on who the threat actors abusing this flaw are, though.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said. "We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."

To remedy the vulnerability, users should make sure to update their browsers to version 112.0.5615.121 as soon as possible. The fix addresses the flaw on Windows, Mac, and Linux operating systems. To bring the browser up to date, users should head over to the Chrome menu (three horizontal dots in the upper right corner of the window) and navigate to Help > About Google Chrome. For us, the update was available immediately upon pressing the “check for new updates” button. Google, however, claims that the update should be available to all Chrome users “in the coming days and weeks”.

The update also required a browser reboot. 

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.